CVE-2026-23556

Summary

When oxenstored is tearing a domain down, the node data is cleaned up but the usage counts are leaked.

When the domain ID is eventually reused, the new domain can create fewer nodes before beeing deemed to be over quota.

Affected Software

VendorProductVersion RangeStatus
Xenoxenstoredallaffected

Weaknesses

  • CWE-281: CWE-281 Improper preservation of permissions

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References